VPN tunnel config question

I'm running PANOS 4.0.13.  Can I set up a tunnel where the peer IP is 1.1.1.1 and the remote proxy id is the same IP as the peer?  I think I tried this before on an earlier release and it didn't work, so I had to NAT.  Thanks!

OCSP query

Hi,

We are implementing a SSL-VPN solution using Global Protect and our own CA. From what I have seen the OCSP queries are made on demand, when the certificate is presented for the first time, and then at a fixed interval(60 minutes). I tried changing

sslvpn 4.0.x issue

Hi,

When configuring sslvpn we tried to use an Adsl modem which makes its public 1.1.1.1 NAT 443 to a local ip 172.16.2.1

this ip is PaloAlto's L3 interface.Default gateway of PaloAlto is 172.16.2.2 which is modem.

People can access to internet from Pal

Days needed for Palo Alto subscription to release

Hi All,

Our palo alto subscription currently near the end of subscription expiration date.

We've ask quotation for the new license from PaloAlto distributor, and based on information from the distributor it will take 4 - 6 weeks for new subscription to

Did anyone succesfully connect with globalprotect through the IOS App ?

Hi,

I just downloaded the app from the appstore, and just at the point where i got enthusiastic, i got a certificate error which should not be there because the chain is correct.

After clicking OK, i got the error "Cannot connect to Globalprotect. Your

Best Practices Agent configuration of many DC

Hi all,

There are 18 seperate Domain Controllers on different cities.using 2 user id agent with all DC's make very high traffic between these sites and affect voip packets.When we disable the agent we saw that this is the issue.So how can we configure

PA200 replacement fan

Aside from an RMA on the whole box, what can be done about a noisy PA200 fan (without getting a void warranty of course ) ?

Virtual-wire active/passive HA issue

Hello!

We are testing out a topology in the lab, with 2 PA-2020 in an active/passive HA cluster. They are between 2 pairs of Cisco switches and should play a role of redundant in-line firewalls. The connection to the switches is with FO modules on por

cannot block hotspot shield

HI

it seems it has became vey diffcult to block hotspot shield , even though the application is being idenfied by palo alto , still hot spot finds it way by port 80 . is there any way to block hot spot shield.Also From IPAD/IPHONE it is easily connect

Globalprotect and Lenovo/Stoneware's Lanschool

Good morning, all!

For the past several months, we've had an ongoing issue with our student's take-home 1:1 netbooks.  Once they attach to the globalprotect portal/gateway, they won't work with LanSchool any longer.

First, the environment background:

PA